GitHub warns you about flaws in your Python code

Python has joined Ruby and JavaScript on the list of programming languages that GitHub analyzes for security flaws.

Developers using Python can now receive security alerts for newly disclosed vulnerabilities in the dependencies of code hosted on the platform.

Python will also appear in the dependency graph, which tracks every project, package, and application a developer's code depends on, without the developer having to leave the repository.

Security alerts warn users of known vulnerabilities affecting their dependencies, and the dependency graph also lets them see whether a known fix is available from the GitHub community.

GitHub, bought by Microsoft for $7.5 billion last month, has detected more than four million vulnerabilities in 500,000 Ruby and JavaScript repositories since adding support for those languages last year.

Developers have generally fixed the vulnerabilities GitHub flagged, and GitHub says a similar approach for Python-based projects will be useful to users.
</gre_replace>
<gr_replace lines="19" cat="clarify" orig="&quot;We chose to launch">
"We chose to launch the new platform with some recent vulnerabilities," GitHub quality engineer Robert Schultheis said in a blog post.

"We chose to launch the new platform with some recent vulnerabilities," the GitHub quality engineer Robert Schultheis said in a blog.

"Over the next few weeks, we will add other historical Python vulnerabilities to our database. We will continue to monitor the NVD feed and other sources, and send alerts on newly disclosed vulnerabilities in Python packages."

To enable Python security alerts, developers must first commit a requirements.txt or Pipfile.lock file to their public Python repositories. This automatically activates the dependency graph and security alerts.

For private repositories, users must opt in to security alerts in the repository settings, or by allowing access in the dependency graph section of the repository's Insights tab. Repository administrators then receive security alerts by default and can add teams or individuals to the notifications via the "Alerts" tab of the settings page.
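Both manifests GitHub reads are plain files, and the security-relevant detail is what a scanner can recover from them: an advisory is matched against a package name and an installed version, so only entries with an exact version give a matcher anything to compare. The following is an added example, not GitHub's own code and not a description of how its dependency graph parses these files; it is a simplified parser of the kind such a scanner needs, run over a constructed requirements.txt and a constructed Pipfile.lock fragment (neither taken from a real project), and it reports the entries whose version cannot be determined from the manifest alone.

```python
import json
import re

# Constructed sample requirements.txt (not from any real project): a comment, an
# exact pin, a version range, a bare name, an environment marker, a nested
# include and an editable VCS checkout.
REQUIREMENTS_TXT = """\
# Production dependencies
requests==2.18.4
Django>=1.11,<2.0
flask  # no version at all
PyYAML==3.12 ; python_version < "3.7"
-r dev-requirements.txt
-e git+https://example.invalid/org/tool.git#egg=tool
"""

# Constructed Pipfile.lock fragment; pipenv writes this JSON with '==' pins.
PIPFILE_LOCK = json.dumps({
    "_meta": {"hash": {"sha256": "0" * 64}},
    "default": {
        "requests": {"version": "==2.18.4", "hashes": []},
        "django": {"version": "==1.11.13"},
    },
    "develop": {
        "pytest": {"version": "==3.6.2"},
    },
})

# Name, optional extras, then everything up to a marker (';') or comment ('#').
_REQ_LINE = re.compile(
    r"^(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)(\[[^\]]*\])?\s*(?P<spec>[^;#]*)"
)


def normalize(name):
    """PEP 503 normalisation so 'PyYAML' and 'pyyaml' match the same advisory."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_requirements(text):
    """Return [(name, version_or_None)] from requirements.txt content.

    Only an exact '==' pin yields a version. Ranges, bare names, -r includes,
    -e/VCS lines and URLs give None, because a matcher working from the
    manifest alone cannot tell which release is actually installed.
    """
    deps = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith(("-", "http://", "https://", "git+")):
            continue
        m = _REQ_LINE.match(line)
        if not m:
            continue
        pin = re.fullmatch(r"==\s*([0-9][^,\s]*)", m.group("spec").strip())
        deps.append((normalize(m.group("name")), pin.group(1) if pin else None))
    return deps


def parse_pipfile_lock(text):
    """Return [(name, version)] from both the 'default' and 'develop' sections."""
    data = json.loads(text)
    deps = []
    for section in ("default", "develop"):
        for name, info in data.get(section, {}).items():
            version = info.get("version", "").lstrip("=").strip()
            deps.append((normalize(name), version or None))
    return deps


def unpinned(deps):
    """Names whose installed version the manifest does not fix; report these."""
    return sorted(name for name, version in deps if version is None)


if __name__ == "__main__":
    for label, deps in (("requirements.txt", parse_requirements(REQUIREMENTS_TXT)),
                        ("Pipfile.lock", parse_pipfile_lock(PIPFILE_LOCK))):
        print(label, deps)
        print("  unpinned:", unpinned(deps))
```

On the constructed input the requirements.txt yields two entries (django, flask) with no usable version, while the Pipfile.lock yields none, because a lockfile always records exact pins. That is the practical reason to commit a lockfile, or to pin requirements.txt exactly, when relying on alerts that match advisories to specific versions.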
